Phishing scams targeting cryptocurrency investors intensified in August 2025, draining more than $12 million from over 15,000 wallets across the sector.
Blockchain security firm Scam Sniffer reported that these losses represent a sharp month-over-month rise, climbing 72% compared with July. Notably, the number of victims also grew, increasing 67% over the same period.
Ethereum EIP 7702 Fuels Increase in Crypto Phishing Attacks
According to the firm, about 46% of phishing losses came from three high-value accounts, often referred to as whales. Together, these accounts lost $5.62 million, and one alone was exploited for $3.08 million.
SponsoredMeanwhile, Scam Sniffer identified Ethereum’s EIP-7702 standard as the primary tool leveraged in August’s wave of attacks. The firm also noted an uptick in scammers tricking crypto users into sending money directly to malicious contracts.
EIP-7702 improves Ethereum wallets by temporarily allowing externally owned accounts (EOAs) to function like smart contract wallets.
This enables convenient features such as batching transactions, setting spending caps, integrating passkeys, and recovering wallets without changing addresses.
However, attackers have turned these same tools into a way to accelerate thefts.
Wintermute’s Dune Analytics dashboard shows that more than 80% of delegate contracts tied to EIP-7702 involve malicious activity. Notably, this has compromised more than 450,000 wallet addresses since its implementation this year.
Yu Xian, founder of the security company SlowMist, noted that awareness of how EIP-7702 can be weaponized remains low. He emphasized that organized criminal groups have enthusiastically embraced the mechanism, exploiting it across Ethereum Virtual Machine (EVM) ecosystems.
In light of the surge, Scam Sniffer has advised crypto users to be far more cautious when interacting with wallet requests.
They suggest verifying domains, avoiding rushed approvals, and refusing signatures that grant unlimited permissions or appear broader than necessary.
Additionally, suspicious prompts tied to EIP-7702 contract upgrades or mismatched transaction simulations should also raise alarms.
